Hacking the Hackers: When Bad Guys Let Their Guard Down

May 12, 2025 – Published on Dark Reading

A server memory leak that allowed security researchers to quietly snoop on the recently disrupted DanaBot Russian malware-as-a-service (MaaS) operation for nearly three years has once again shown how much threat actors can sometimes give away when their own security slips.

The bug, dubbed “DanaBleed” by researchers, exposed sensitive data straight from DanaBot’s command-and-control (C2) servers and included private keys, victim details, infection statistics, malware updates, and even bits of the attackers’ infrastructure setup.

Unexpected windfalls like these have been surfacing with surprising regularity in recent months, with cybercrime groups tripping over their own operational missteps. Some of these OpSec failures have been inadvertent, as was the case with DanaBot. In other instances, disgruntled group members have leaked vital operational details, as happened recently with the Trickbot and Conti ransomware operations and with the Black Basta group.

Jason Baker, managing security consultant, threat intelligence at GuidePoint Security, says the mileage that defenders can get from leaked threat actor data varies depending on the source. Internal leaks that stem from disaffected members with insider access can be more damaging for the bad guys because they can include data such as chats that provide identifying details. “This is important, because it is well-protected information which provides a unique vantage point into the behavior and foibles of cyber threat actors,” Baker says.